Appl. No. 10/507,190 

Amendment and/or Response 

Reply to Office action of 8 August 2007 



Page 3 of 11 



Amendments to the Claims : 

A listing of the entire set of pending claims (including amendments to the 
claims, if any) is submitted herewith per 37 CFR 1.121. This listing of claims will 
replace all prior versions, and listings, of claims in the application. 

Listing of Claims: 

1 . (Original) A method of generating a common secret between a first party and a 
second party, in which the first party holds a value pi and a symmetrical polynomial 
P(x,y) fixed in the first argument by the value pi, and the first party performs the 
steps of sending the value pi to the second party, receiving a value p 2 from the 
second party and calculating the common secret Si by evaluating the polynomial 
P(pi, y) in p 2 , characterized in that the first party additionally holds a value qi and a 
symmetrical polynomial Q(x, z) fixed in the first argument by the value q 1t and further 
performs the steps of sending qi to the second party, receiving a value q 2 from the 
second party and calculating the secret Si as Si=Q(qi, q 2 )P(Pi, P2). 

2. (Original) The method of claim 1 , in which the first party further performs the steps 
of obtaining a random number n, calculating iyqi, sending iyqi to the second party, 
receiving r 2 -q 2 from the second party and calculating the secret Si as 

Si=Q(qi, r r r 2 -q 2 )-P(pi, p 2 ). 

3. (Original) The method of claim 2, in which the first party holds the value qi 
multiplied by an arbitrarily chosen value r, and the product Q(q 1 , z)P(pt, y) instead of 
the individual polynomials P(pi, y) and Q(qi, z), and the first party performs the steps 
of calculating ry r qi, sending n-r qi to the second party, receiving r 2 r q 2 from the 
second party and calculating the secret Si as Si=Q(qi, ri-r 2 r q 2 ) P(pi, p 2 ). 



NL-020192 Amendment 7.808 



Atty. Docket No. NL-020192 



Appl. No. 10/507,190 

Amendment and/or Response 

Reply to Office action of 8 August 2007 



Page 4 of 11 



4. (Original) The method of claim 1 , in which the second party holds a value p 2 and a 
value q 2 , the symmetrical polynomial P(x, y) fixed in the first argument by the value 
P2, the symmetrical polynomial Q(x, z) fixed in the first argument by the value q 2 , and 
the second party performs the steps of sending q 2 to the first party, receiving from 
the first party and calculating a secret S 2 as S 2 =Q(q 2 , qi)P(p 2 , Pi), whereby the 
common secret has been generated if the secret S 2 equals the secret Si. 

5. (Original) The method of claim 1 , in which a trusted third party performs the steps 
of choosing a symmetric (n+1) x (n+1) matrix T, constructing the polynomial P using 
entries from the matrix T as respective coefficients of the polynomial P, constructing 
the polynomial Q(x, y), choosing the value pi, the value p 2 , the value qi and the value 
q 2 , sending the value pi, the value qi, the polynomial P(x, y) fixed in the first 
argument by the value pi and the polynomial Q(x, z) fixed in the first argument by the 
value qi to the first party, and sending the value p 2 , the value q 2 , the polynomial P(x, 
y) fixed in the first argument by the value p 2 and the polynomial Q(x, z) fixed in the 
first argument by the value q 2 to the second party 

6. (Original) The method of claim 5, in which the trusted third party further arbitrarily 
chooses a value r, sends the value r qi instead of the value qi and the product Q(qi, 
z ) p (Pi> y) instead of the individual polynomials P(pi, y) and Q(qi, z) to the first party 
and sends the value r q 2 instead of the value q 2 and the product Q(q 2 , z)P(p 2 , y) 
instead of the individual polynomials P(p 2 , y) and Q(q 2 , z) to the second party. 
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7. (Original) The method of claim 5, in which the trusted third party further performs 
the steps of 

choosing a set comprising m values pi, including the values pi and p 2 , 
calculating a space A from the tensor products pj <8> p v . of the Vandermonde 

vectors pj built from the set of values p, 

choosing a vector y { and a vector f 2 from the perpendicular space A 1 of the 
space A, constructing a matrix x rj = T+ri from the vector y x and a matrix T r2 = T+r 2 

from the vector f 2 , constructing a polynomial P Fl (x,y) using entries from the matrix 
T rj and sending the polynomial P Fl (x,y) fixed in the first argument by the value pi to 
the first party, and 

constructing a polynomial P r 2 (x,y) using entries from the matrix t F2 and 

sending the polynomial P r 2 (x,y) fixed in the first argument by the value p 2 to the 
second party. 

8. (Original) The method of claim 5, in which a number m' of values pi, and m' < m, 
are distributed to additional parties. 

9. (Original) The method of claim 1 , in which the first party and the second party use 
a non-linear function on the generated secret S1 and S2, respectively, before using it 
as a secret key in further communications. 

10. (Original) The method of claim 9 in which a one-way hash function is applied to 
the generated secrets S1 and S2. 

1 1 . (Original) The method of claim 9 in which a non-linear function in the form of a 
polynomial is applied to the generated secrets S1 and S2. 
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12. (Original) The method of claim 1 , further comprising the step of verifying that the 
second party knows the secret Si. 

1 3. (Original) The method of claim 1 2, in which the first party subsequently applies a 
zero-knowledge protocol to verify that the second party knows the secret Si. 

14. (Original) The method of claim 1 2, in which the first party subsequently applies a 
commitment-based protocol to verify that the second party knows the secret Si. 

15. (Original) The method of claim 14, in which the second party uses a symmetric 
cipher to encrypt a random challenge, and sends the encrypted random challenge to 
the first party and the first party subsequently uses the same symmetric cipher as a 
commit function to commit himself to a decryption of the encrypted random 
challenge. 

16. (Previously presented) A system comprising a first party, a second party and a 
trusted third party, that is arranged to generate a common secret between the first 
party and the second party, in which the first party holds a value pi and a 
symmetrical polynomial P(x,y) fixed in the first argument by the value pi, and the first 
party performs the steps of sending the value pi to the second party, receiving a 
value p 2 from the second party and calculating the common secret Si by evaluating 
the polynomial P(pi, y) in p 2 , 

wherein the first party additionally holds a value qi and a symmetrical 
polynomial Q(x, z) fixed in the first argument by the value qi, and further performs the 
steps of sending ^ to the second party, receiving a value q 2 from the second party 
and calculating the secret Si as Si=Q(qi, q 2 )P(pi, p 2 ). 
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17. (Currently amended) A device (P) arranged to: 

hold a value P i _, a symmetrical polynomial P(x.y) fixed in the first argument by 

the value P i _, a value q^ and a symmetrical polynomial Q(x, z) fixed in the first 
argument by the value Qi. 

send the value p 1 to a second party, 

receive a value p? from the second party, 

evaluate the polynomial P(p -i , v) in p?, 

send Q i to the second party. 

receiving a value a? from the second party. 

evaluate the polynomial Q(ch. a?), and 

calculate a secret S i as S i =Q(ch, g?VP(Pi. p?) 

operate as the f i rst party and/or as the second party i n the system of c l a i m 16 . 

18. (Currently amended) The device of claim 17, comprising storage means (303) for 
storing the polynomial P and the polynomial Q in the form of their respective 
coefficients. 

19. (Previously presented) A computer program product for causing one or more 
processors to generate a common secret between a first party and a second party, in 
which the first party holds a value pi and a symmetrical polynomial P(x,y) fixed in the 
first argument by the value pi, and the first party performs the steps of sending the 
value pi to the second party, receiving a value p 2 from the second party and 
calculating the common secret Si by evaluating the polynomial P(pi, y) in p 2 , 

wherein the first party additionally holds a value qi and a symmetrical 
polynomial Q(x, z) fixed in the first argument by the value qi, and further performs the 
steps of sending ^ to the second party, receiving a value q 2 from the second party 
and calculating the secret Si as Si=Q(qi, q 2 )P(pi, p 2 ). 
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20. (Previously presented) The system of claim 16, wherein the second party holds a 
value p 2 and a value q 2 , the symmetrical polynomial P(x, y) fixed in the first argument 
by the value p 2 , the symmetrical polynomial Q(x, z) fixed in the first argument by the 
value q 2 , and the second party performs the steps of sending q 2 to the first party, 
receiving q! from the first party and calculating a secret S 2 as S 2 =Q(q 2 , qi) P(p 2 , Pi), 
whereby the common secret has been generated if the secret S 2 equals the secret 
Si. 
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